Over the past few years, we’ve seen a dramatic increase in the number of ransomware cases hitting both individuals and organizations. Hackers have targeted all types of individuals and organizations with financial gain as their primary motivation, but how does it work?
When a user visits an infected website or clicks on a link in an email or popup window, the ransomware downloads onto the computer and exhibits certain behaviors in an effort to extort money from the victim. Some ransomware continuously displays popups of inappropriate material (e.g. pornography), while other strains, known as crypto-ransomware, encrypt the hard drive or delete data periodically.
Prevention of Ransomware
Ransomware is a nightmare and can cause complete and utter destruction for an individual or company if it makes its way onto your computer. Because it is extremely difficult to recover systems hit with ransomware without paying the ransom, it is by far best to prevent it from landing on your systems in the first place. There are numerous ways to harden your systems against ransomware attacks.
1) Security Awareness Training
All organizations, whatever their size, should have some form of security awareness policies and training that provides end users with best practices for the use of non-corporate websites (e.g. search engines, social media, gaming websites, etc.), email safety, and removable media (USBs, external drives). Best practices include only opening email attachments from known, verified senders, not clicking on any popups from the internet, and not venturing into websites linked from social media platforms – regardless of who posted the link.
2) Software Restriction Policies (SRPs)
Use tools such as CryptoPrevent, which are able to write hundreds of group policy objects (GPOs) into a system’s registry in order to prevent ransomware from lodging itself in the locations it typically writes itself to. SRPs use group policies to prevent executables from running, which enables a system administrator to essentially lock down areas of an operating system (or the entire OS) to contain ransomware.
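The following script is an added example of the path-rule approach described above; it is not CryptoPrevent’s code or any vendor’s tool. It writes Software Restriction Policy (SRP) path rules into the local policy registry hive so that executables cannot launch from the user-writable folders where droppers usually land, and keeps the default level at Unrestricted so only the listed paths are affected. The registry layout under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer` is the one the Local Security Policy editor writes; the specific rule list, the `$AllowedPaths` exception parameter and the `Get-SrpPathRules`/`Add-SrpPathRule` helper names are this example’s own choices and should be verified on a test machine before deployment.

```powershell
#Requires -RunAsAdministrator
# Added example (not CryptoPrevent's code): write SRP "Disallowed" path rules for
# user-writable folders so executables dropped there cannot run. Run gpupdate /force
# (or reboot) afterwards for the policy to take effect.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Block: executables in roaming/local AppData, Temp and Downloads, including one
    # level of subfolder and executables launched straight out of a zip (example list).
    [string[]]$BlockedPaths = @(
        '%AppData%\*.exe',      '%AppData%\*\*.exe',
        '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe',
        '%Temp%\*.exe',         '%Temp%\*.zip\*.exe',
        '%UserProfile%\Downloads\*.exe'
    ),
    # Allow: per-user software you still need (constructed sample; adjust to your estate).
    # A more specific path rule wins over a less specific one in SRP.
    [string[]]$AllowedPaths = @('%LocalAppData%\Microsoft\OneDrive\*.exe')
)

$saferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levelId   = @{ Disallowed = 0; Unrestricted = 0x40000 }   # SRP security-level ids

function Get-SrpPathRules {
    # Lists every existing path rule as Level/Path pairs (used for idempotency and review).
    foreach ($level in $levelId.Keys) {
        Get-ChildItem -Path "$saferRoot\$($levelId[$level])\Paths" -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Level = $level; Path = (Get-ItemProperty -Path $_.PSPath).ItemData }
            }
    }
}

function Add-SrpPathRule {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path, [ValidateSet('Disallowed','Unrestricted')][string]$Level)
    # Each rule lives in its own GUID-named key beneath the level's Paths key.
    $ruleKey = "$saferRoot\$($levelId[$Level])\Paths\$([guid]::NewGuid().ToString('B'))"
    if ($PSCmdlet.ShouldProcess($Path, "Add $Level SRP path rule")) {
        New-Item -Path $ruleKey -Force | Out-Null
        New-ItemProperty -Path $ruleKey -Name ItemData     -PropertyType ExpandString -Value $Path | Out-Null
        New-ItemProperty -Path $ruleKey -Name SaferFlags   -PropertyType DWord        -Value 0     | Out-Null
        New-ItemProperty -Path $ruleKey -Name Description  -PropertyType String       -Value 'Ransomware hardening (example script)' | Out-Null
        New-ItemProperty -Path $ruleKey -Name LastModified -PropertyType QWord        -Value ([DateTime]::UtcNow.ToFileTimeUtc()) | Out-Null
    }
}

# Root settings: DefaultLevel stays Unrestricted so only the listed paths are blocked,
# TransparentEnabled=1 enforces the rules on all executables, and PolicyScope=0 applies
# them to administrators too (ransomware runs as whoever opened the attachment).
if ($PSCmdlet.ShouldProcess($saferRoot, 'Ensure SRP root settings')) {
    foreach ($id in $levelId.Values) { New-Item -Path "$saferRoot\$id\Paths" -Force | Out-Null }
    Set-ItemProperty -Path $saferRoot -Name DefaultLevel       -Type DWord -Value $levelId.Unrestricted
    Set-ItemProperty -Path $saferRoot -Name TransparentEnabled -Type DWord -Value 1
    Set-ItemProperty -Path $saferRoot -Name PolicyScope        -Type DWord -Value 0
}

# Re-running the script must not duplicate rules, so skip paths already present.
$existing = @(Get-SrpPathRules | Select-Object -ExpandProperty Path)
foreach ($p in $AllowedPaths) { if ($existing -notcontains $p) { Add-SrpPathRule -Path $p -Level Unrestricted } }
foreach ($p in $BlockedPaths) { if ($existing -notcontains $p) { Add-SrpPathRule -Path $p -Level Disallowed } }

# Show the resulting rule set for review.
Get-SrpPathRules | Sort-Object Level, Path | Format-Table -AutoSize
# Blocked launches appear in the Application event log with source
# SoftwareRestrictionPolicies, event ID 866; review them before widening the list.
```

Run it first with `-WhatIf` to see which keys would be written, then pilot on a handful of machines and watch for event 866 entries from legitimate per-user installers (browsers, collaboration clients and similar often install under `%LocalAppData%`) before rolling the rules out through a domain GPO rather than the local hive.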
3) Spam Filtering
External spam filtering services such as SpamTitan Email Security are able to search email content and attachments, looking for malware, phishing attempts, or suspicious links embedded in emails. System administrators should use spam filters to their fullest extent to augment their gateway security, configuring appropriate rules and policies to prevent any malicious content from reaching users’ inboxes.
4) Unified Threat Management
Unified threat management (UTM) platforms work best when they are activated on edge devices, protecting your network perimeter. Next-gen firewalls equipped with UTM are able to perform content filtering, intrusion prevention and detection (rather than requiring separate IDS/IPS devices), and spam filtering. UTM performs deep packet inspection: rather than simply reading the metadata on network packets, the contents of the packets are inspected for malicious files or content.
5) Have Security Software on Servers and Workstations
Build in dual-antivirus solutions on both the endpoints and the network entry points (including email and network gateways) to provide multiple layers of protection. Best practice is to use different vendors for email AV and endpoint/network AV, since it is always possible that one vendor will miss a threat that another catches ahead of time.
6) DNS Protection
WebTitan Cloud is a service which augments the function of DNS to provide advanced malware protection. Services include additional phishing protection and analysis of queries to block malicious requests. WebTitan Cloud applies security rules consistently across the enterprise network. It also allows web pages to be blocked, and provides the ability to enter bypass codes when necessary.
Fail-safe Mechanisms if the Worst Occurs
Aside from preventative measures, it is absolutely vital that all computer systems and network devices are safeguarded in the event ransomware makes it through all of your preventative controls. The best way to recover a system without making payment is to ensure that there are up-to-date, reliable backups created for all data (operational, development, configuration files, etc.). Backups can be created to roll a system back to a point in time just before the ransomware attack occurred, minimizing the loss of data and damage done to your computing devices. Additionally, larger organizations have begun looking at “air-gapped” solutions, in which continuous backups are created and sanitized, before being stored in a “vault”. This vault solution provides an immediate method to restore systems, while scanning all data entering the vault to verify the absence of malware or malicious activity.
Ransomware can be detrimental to individuals and organizations alike if it makes its way into your systems. Though attackers have become more sophisticated in their methods, if we invest time and resources into our security strategies we can greatly harden our networks and rid ourselves of the vulnerabilities that plague us. Both preventative and fail-safe measures are extremely important to protect your data (and wallets!), and the extra effort in your security approach will provide much peace of mind.
3-2-1 Backup - How it Works
In order to ensure dependable, worry-free backups, you need redundancy, which is what the traditional 3-2-1 backup is all about. The topology of a 3-2-1 backup is as follows:
- Have at least 3 copies of your data
- Utilize two different media formats
- Have one of the copies be offsite
Three copies of your data means that one copy is the original data, supported by two separate backup copies. Your data should reside on two separate media, such as a network share and an SSD on some type of storage array. By snapshotting your data at regular intervals throughout the day, you can easily recover from an attack on a virtual host server or VM. Any backup plan must also include regular test restorations of the data to ensure your data can be recovered intact.
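The script below is an added example, not TitanHQ’s own tooling, that ties together the 3-2-1 layout just described and the “verify before you trust the vault” idea from the fail-safe section: it archives the live data (copy 1), writes the archive with a per-file SHA-256 manifest to a second medium (copy 2) and to an offsite location (copy 3), checks the archive hash at each destination, and then performs the test restore that the text calls for by unpacking the offsite copy and comparing every file against the manifest. The `$Source`, `$LocalTarget` and `$OffsiteTarget` paths are constructed placeholders; `Compress-Archive`, `Expand-Archive` and `Get-FileHash` are standard PowerShell cmdlets.

```powershell
# Added example (not TitanHQ's code): a 3-2-1 backup job with hash verification
# and a restore test. Paths below are constructed placeholders; replace them with
# your real data folder, second-medium share and offsite/vault mount.
param(
    [string]$Source        = 'C:\Data',
    [string]$LocalTarget   = '\\nas01\backups',     # copy 2: second medium (constructed name)
    [string]$OffsiteTarget = 'Z:\offsite-vault',    # copy 3: offsite location (constructed name)
    [int]$KeepDays = 30
)

function Test-BackupRestore {
    # Unpacks an archive into a scratch folder and compares every file against the
    # manifest recorded at backup time. Returns the relative paths that failed;
    # an empty result means the backup restores intact.
    param([string]$ArchivePath, [string]$ManifestPath)
    $scratch = Join-Path $env:TEMP "restore-test-$([guid]::NewGuid())"
    Expand-Archive -Path $ArchivePath -DestinationPath $scratch -Force
    $expected = Import-Csv -Path $ManifestPath
    $bad = foreach ($entry in $expected) {
        $file = Join-Path $scratch $entry.RelativePath
        if (-not (Test-Path $file) -or (Get-FileHash -Path $file -Algorithm SHA256).Hash -ne $entry.Sha256) {
            $entry.RelativePath
        }
    }
    Remove-Item -Path $scratch -Recurse -Force
    return $bad
}

$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$archive  = Join-Path $env:TEMP "backup-$stamp.zip"
$manifest = "$archive.manifest.csv"
$srcRoot  = $Source.TrimEnd('\')

# 1. Record a SHA-256 per file before archiving so a restore can be checked file by
#    file rather than just "the zip opened".
Get-ChildItem -Path $Source -Recurse -File | ForEach-Object {
    [pscustomobject]@{
        RelativePath = $_.FullName.Substring($srcRoot.Length + 1)
        Sha256       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
} | Export-Csv -Path $manifest -NoTypeInformation
Compress-Archive -Path (Join-Path $Source '*') -DestinationPath $archive -CompressionLevel Optimal

# 2. Copy archive + manifest to both targets and verify the archive hash at each
#    destination before trusting that copy.
$archiveHash = (Get-FileHash -Path $archive -Algorithm SHA256).Hash
$leaf = Split-Path $archive -Leaf
foreach ($target in @($LocalTarget, $OffsiteTarget)) {
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    Copy-Item -Path $archive, $manifest -Destination $target -Force
    $copied = (Get-FileHash -Path (Join-Path $target $leaf) -Algorithm SHA256).Hash
    if ($copied -ne $archiveHash) { throw "Copy to $target does not match the source archive; backup job failed" }
}

# 3. Test restore from the offsite copy, which is the one you will reach for when
#    the local copies are encrypted alongside the live data.
$failed = Test-BackupRestore -ArchivePath (Join-Path $OffsiteTarget $leaf) `
                             -ManifestPath (Join-Path $OffsiteTarget "$leaf.manifest.csv")
if ($failed) { throw "Restore test failed for: $($failed -join ', ')" }

# 4. Prune archives older than the retention window on both targets, then clean up.
foreach ($target in @($LocalTarget, $OffsiteTarget)) {
    Get-ChildItem -Path $target -Filter 'backup-*.zip' |
        Where-Object LastWriteTime -lt (Get-Date).AddDays(-$KeepDays) |
        ForEach-Object { Remove-Item -Path $_.FullName, "$($_.FullName).manifest.csv" -Force -ErrorAction SilentlyContinue }
}
Remove-Item -Path $archive, $manifest -Force
Write-Output "Backup $leaf written to 2 targets and restore-tested successfully"
```

Two design points matter for ransomware specifically. First, the job has write access to all three copies, so the account running it should be a dedicated one with no interactive use, and the offsite target should be append-only or taken offline between runs; otherwise ransomware that obtains the same credentials can encrypt or prune the backups as easily as the live data. Second, step 3 is not optional: a backup that has never been restored is an assumption, and running the restore test on every job turns it into evidence.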
Talk to a TitanHQ email security specialist today and discover how we can help protect your organization from ransomware attacks. Contact us